You know, what's cool is once in a while you come across a company and a leader that truly is looking at cybersecurity very differently and trying to solve big, big problems for the industry. Maxime Lamothe-Brassard and his co founders are doing just that, in my opinion, in this conversation. Find out what the genesis was of this different approach, how they're going to market, what exactly it is, and the biggest challenge their sales team is facing right now. Oh, and also Maxime's favorite winter pastime. Don't go away. Welcome to the Sales Bluebird podcast, where we help cybersecurity companies grow sales faster. I am your host, Andrew Monaghan. Our guest today is Maxime Lamothe-Brassard, cofounder and CEO at LimaCharlie. Maxime. Welcome to Sales Bluebird.

Maxime Lamothe-Brassard 00:00:58

Hi. Super happy to be here

Andrew Monaghan 00:01:00

Is going to be an interesting discussion, I think, for the audience. You've got a really solid technical background in cybersecurity going back many years, and then you made the switch to say, there's something here that I need to go co found a company with and become the CEO. So I'm really intrigued about how you made that whole decision and that whole process. A quick break to say that this episode is sponsored by It Harvest. With over 3200 vendors in cybersecurity, it is hard to keep track of all the latest developments, as well as research and analyze categories and subcategories within cybersecurity, which is where the It Harvest cybersecurity platform comes in. Want to know which subcategories in cloud security are growing the fastest? You'll get it in a few clicks? Want to know and track everything about your main competitors and keep up with their hiring and use simple search to be done? Want to know the top 20 fastest growing companies based out of Israel? Easy.

Just a couple of clicks to get that. It. Harvest is the first and only research platform dedicated to cybersecurity and it's run by Richard Stiennon, who has done it all in cybersecurity from the VP of Research at Gartner, a CMO at a cybersecurity vendor, a Lecturer on Cybersecurity, advisor to startups, advisory board member at Startups and a main board member as well. The whole lot. Find out more by going to salesbluebird.com/RESEARCH. That's salesbluebird.com/RESEARCH. 

Now back to the episode. Well, let's get on to that, then, Maxime. If I look at your LinkedIn profile very quickly, you started off in here anyway, technical lead, Department of National Defense, Canada. You then joined Strike for a little bit. You were the CTO and chief architect. Is it Arcadia? Did I pronounce that right?

Maxime Lamothe-Brassard 00:03:02

That's right.

Andrew Monaghan 00:03:03

It's got a number four in the middle there, which confused me. And then you spent a number of years at Google, then Chronicle, and then in January 2018, you co founded LimaCharlie. I want to go back to that moment in time when you're sitting there having left Chronicle or you're in that sort of transition. You're saying you know, there's something I've just found that eats away at me that says, I'm going to devote my life to co founding and building a start up, which is a really hard thing to do, but it's so important that I got to go do it. Where were you? What was the realization? Who were you with?

Maxime Lamothe-Brassard 00:03:42

Yeah. So it's less, I think, sort of one pivotal moment and more the logical next step for me. So to put it in context, I've always been plus one kind of person, so I've always been kind of building things that were a little bit outside of the scope and in the size where I was. And so I've been going from larger organizations. And so when I left Google X or Chronicle, the only logical next step was pretty much to start something. And that combined with sort of a very long frustration in security, where it had really become clear in my mind that I've worked in the past with a lot of very technical people, very good teams, and there's a lot of very good teams. There's a lot of very good technical people. But even while at Google looking to get access to security tools in the commercial space, so much of it was just designed for, hey, anybody can just use this, right? You don't need training almost. I always do it like, my grandma is fighting the Russians with this tool. And it was very frustrating because even as a Google, kind of the romantic idea, perhaps, of Google engineering and security, looking to vendors to try to get advanced capabilities, and it just wasn't there. And so it was really sort of a long term frustration of the whole vendor space for me. That kind of led me to the point where I said, okay, I'd been building an open source edr for many years at that point while at Google. So I had kind of this side project, and I knew that whatever I'd end up starting had to be more than like, hey, we do Expert 10% better. Like, hey, we do this thing here's the exact name of it in Gartner. Everybody knows what it is exactly. I just do it with more cyber. AI blockchain right? I didn't want to do that. So it's sort of at that point where it was really obvious as soon as I was leaving Google X, like, okay, I have to be starting something, and it's got to be something interesting and very different. So those were really my criteria. I mean, the third criteria, to be honest, was I didn't want to do a services company was an example where it was sort of like a sort of MSSP. And so I've done services and incident response and all that stuff, and I have a lot of respect for people doing that. But I felt like I'm told for this, that was kind of the environment where I was at that point. And then from the open source days. Not days, but the open source project. I knew Joe, who was to be one of my co founders and who has a background in law enforcement, intelligence, cyber security, in a bunch of different environments. In many ways, very similar background as me and Chris, who was a guy that had met in university. And it's funny, when we graduated, when we were in classes, we always kind of talked about ideas. Like at some point we need to start something. So he was the one person I kind of knew that he's going to be starting things. So when that was the time, I kind of reached out and said, let's do it and now is the right time.

Andrew Monaghan 00:07:28

And did you already have the idea of what it was going to be when you did that? Or were you just thinking, look, I've got a bunch of things in my mind, let's brainstorm?

Maxime Lamothe-Brassard 00:07:37

That's a really good and kind of complex question in the sense that, yes, I had an idea of the direction it's, how to communicate it, that wasn't fully crystallized yet for a few different reasons. So we kind of knew where we were headed, but when we started, we would actually kind of pitch that idea, right. It's like, hey, we know where we're going. So when we start kind of selling the early product, we said, well, we're going to sell the product, but also where we're going. And the reality is we were getting blank stares, just people did not get it at all. And so we kind of really had to remind ourselves at the time the expression I heard from somebody, I forget who it was, something along the lines of, you know, you've got something interesting when you talk to people and they don't understand really where you're going. Because the next step is that at some point this becomes the obvious solution and no other thing could possibly take its place right there's like this kind of pivot point. So yeah, we knew that we wanted to go and essentially to do tools that were for cybersecurity professionals. And what I mean by that is it wasn't for like, hey, you're right out of university or technical college and you want to use the tool. Like level one. We really wanted to do something that enterprise could leverage and really good cybersecurity teams could really leverage. So all the tools that we wish we had when we were an enterprise, we wanted to be able to kind of offer them. And the other one was the other kind of component to that vision was that the cyber security industry is in tech, really old school. I think a lot of cyber security vendors have gotten kind of fat at the ability to just go and do big contracts over long periods of time on products that people don't really necessarily understand. Right? So they target the CTO that doesn't really get what it is that you can make the shiny thing was enough. You're able to kind of get a lot of market traction, but at the end of the day, it's a lot of wining and dining and kind of really like car salesmanship old school stuff in my mind. And so we wanted to take a completely different approach to it. We wanted to say, which is kind of the key of what we do, how we're structured as products and business, which is, hey, you know, how AWS completely change how tech and It is sold. And they changed it in many different ways. But the two big ones are the types of products that they sold were very technical. So there were components of It infrastructure, and the way that they sold it was anybody with a credit card can they get access to anything they want at any point in time. All the documentation is freely open, online integration is free. You know what I mean? That whole kind of it's not open source, but it's very wide. And so we said, why is that not happening in cyber security? Why are we still stuck with I'm an enterprise and we started with Edr. I want Edr. Why do I have to pick up the phone, talk to three different salespeople, set up a demo in a month's time, then after the demo, they like that endless process and then to be told, oh, there's a minimum of 5000 endpoints below that, you're not worth our time. So all those frustrations, they were really kind of things that we were frustrated as practitioners in the past. And we said we have the opportunity to start something from the ground up, so let's do it properly and really shed all of the legacy, like old school things about cybersecurity that really shouldn't be necessary. So we are offering sort of an AWS like environment for cybersecurity tools and infrastructure. So we started with the Edr because that's what we had. And then we expand.

Andrew Monaghan 00:12:16

So I'm kind of intrigued by you're doing something so different that you get the blank stares, right? But still you keep going, right? This is kind of interesting. I mean, there's obviously that blank stares are good. People will get it in a minute, right? Or a year or six months. But at some point you must be thinking, will they ever get it or we have the wrong path here. How did you think about that as a team, as you're going, let's keep going on this path?

Maxime Lamothe-Brassard 00:12:43

Absolutely. That is 100% correct. And the reason that we kept going on that path was that not everybody didn't get it right. So we were bootstrapped for, I think, the first two years of what we did of LimaCharlie. And that allowed us the luxury to build up the product, connect with people that got what we were trying to do. That were very early customers that very early on when all we had was Edr, which is like, AWS only has EC two. They said, yes, we're going to use it. And we were able to talk with them, understand where things connected, didn't connect, make sure that the feedback loop with the product was right. Combined with the fact that we're kind of built like an AWS where you don't need contracts, vast majority of people didn't have contracts, which forced us to prove the value every day, essentially, right? We had these people that got what we were doing and we were able to really work with them. And the proof was in the pudding because it was never like, oh, there's a three year renewal now we've got to make sure they're happy. It was every day we had to make sure things were good. It's because we have this steadily growing traction that we really kept going. And I'll kind of just add that there was a bit of a pivot point, right? So that was 2018, I'd say starting 2021, I think, is when we started to talk a little bit more about what we were doing. And it still required a little bit of an explanation, right? Because it's not like Gartner X thing, but people started getting it. And so when that happened, that was when we were like, okay, that is the thing. It's okay for us to really publicly and go in that direction. We're not anymore in this mode of edging our bets, like making sure that those people are happy, but we might have to pivot and talk about what we're doing things in a different way.

Andrew Monaghan 00:14:56

And did you have two sides of the brain, right? Was your emotional side saying, it feels like people are getting it, or was it your logical side saying, we've had 15 demos turned into something and therefore we're there. How do you think about that?

Maxime Lamothe-Brassard 00:15:14

About the change in messaging, is what you mean, right? Yeah, that's a really good and tough question. I think it's probably a little bit of both, right? You know, you work a lot in the sales space. So much around sales is not hard and fast numbers. There's a lot of qualitative around discussions that you have with people. So I think it was definitely both in the sense that business has been expanding bigger and bigger. People started using us. More and more mature organizations would start to use us. And I think honestly, the really kind of points we could hang on to was a couple of different, bigger companies we were talking to not only got what we were saying, but jumped in both feet. Meaning it wasn't like, hey, we're going to use this one product that you have, this one thing easy two, but we're not going to touch us. Three. They came in and they said, okay, yes, we're buying into where this is going. This is what you have right now. We will engineer things so that we can leverage all of the things that you're building because we know that now we're onto an AWS and it's only going to get better for us in the future, less infrastructure to maintain all of these things. So I think it's when those guys came in at the time, just one.

Andrew Monaghan 00:16:44

Thing you said there that picked my interest, and then we'll move on to talk about Lee and Charlie itself is it sounded like the people you're talking to, they understood the vision, but they also understood what you could deliver right now. Right? How did you go and communicate that to them so that there was no blurring of lines and misunderstandings, let's say, about what was on the truck right now and what was going to be on the truck in the future?

Maxime Lamothe-Brassard 00:17:11

Initially, what we tried to do was to really lean into the AWS kind of mapping of what we were doing. We would often talk about like, hey, we're doing this like AWS. And the way that you might map with that is to talk about primitives. And after a little while, we realized that for us, the primitives aren't as clear cut as in AWS. S Three and EC Two and AWS are very distinct pieces of infrastructure, whereas for us, in that complexity stack, we're sort of somewhere in between infrastructure, infrastructure and the platform. So the lines are sometimes a little bit more blurry. We have tools that are generic that allow you to do many different types of use cases. So there's a couple of use cases that were high value, very clear, Edr really being the first one, right? That's where we had a ton of our traction initially. And so it was easy to talk about that. When we started talking about the bigger vision was on demos, we didn't try to sort of very publicly lead people or show people in that direction back in the day. We would hop onto them out and then show them around and by showing, hey, yes, here's the Edr and here's where you can do this and where you can do that. And as you kind of paint a bigger picture towards the end, we go and we'd be able to say, and here's where we're going, right, we intend to remove this part. Not remove, but swallow up use cases that relate to this, this, and this. So if you're using these types of products, we think we're going to be able to cover 90% of those in the next year, kind of thing.

Andrew Monaghan 00:19:06

I like that then. So you give them the tangible reality of now, and because they've got the insight into that and then you got the credibility by doing it, you can then say, imagine if you had this in different areas. Imagine if this is extended out and suddenly it's not a huge leap for them to get there, right? But you're not telling them that's there right now, you're just saying this is what's coming so they can buy into it. The reason I ask about it, Maxime, is that what I've seen is that people like you, CEOs, founders, people like that are very comfortable with that discussion. What I tend to see from go to market teams and sellers is they get very nervous about painting a vision that isn't on the truck right now because they feel like they might be misleading or they don't want to do that good. Or they don't want to do that. But in some ways it's limiting because if all they know is what you do right now, now they don't understand what journey that are going on with you. And I think that's a lesson for salespeople. Right. You have to kind of have the way you did it was, here's the reality, now feel good about that and understand it. And now let's have the conversation about how this might expand in the coming months and years.

Maxime Lamothe-Brassard 00:20:18

Absolutely. And if you go the other way around, especially in security, there's so much it's not fun, but so much difficult to understand products that if you start with that very elaborate vision, I think a lot of people check out right away. So you can't go that way. I'll add that the other, I think, advantage that we had was that it wasn't just, hey, we've got product X and we'll have Y and Z later, but we also were able to point to something we were doing today that clearly was kind of this underlying fabric of where we were going. And so for us, that was self service, scale up, scale down. All of these aspects were like, clearly you can see we're not just like shoveling clouds. This is really where the ramp is going.

Andrew Monaghan 00:21:13

Yeah. You have capabilities which can then be used in different ways, right?

Maxime Lamothe-Brassard 00:21:18

Yes, that's right.

Andrew Monaghan 00:21:19

Just how I hear what you're saying. So you see the power of this and this use case is used like this, and this other use case, it might be used like that. Right. And yeah, I think people can understand that pretty clearly. Les could know a little bit more about you. I have, believe it or not, 35 questions on my list here. I'm not going to ask you 35 questions, but I am going to ask you to pick three numbers randomly between one and 35. And I'll read you out the questions. Give me your first number, Maxime.

Maxime Lamothe-Brassard 00:21:51

Seven.

Andrew Monaghan 00:21:52

Seven. What is your favorite winter pastime?

Maxime Lamothe-Brassard 00:21:58

Oh, I'm not a winter person at all, so I would say my favorite winter pastime is probably reading at home inside.

Andrew Monaghan 00:22:10

I thought you were going to say your favorite winter pastime was going somewhere where it's summer.

Maxime Lamothe-Brassard 00:22:15

That'd be a better one.

Andrew Monaghan 00:22:16

Yeah, I get it. If cold is not your thing, then yeah, it's the inside. Really good book. Give me one more number between one and 35.

Maxime Lamothe-Brassard 00:22:26

Nine.

Andrew Monaghan 00:22:27

One song you could listen to for the rest of your life.

Maxime Lamothe-Brassard 00:22:33

I really like I'm a big REM fan and I really enjoy country feedback.

Andrew Monaghan 00:22:40

Is there a story to the song? I don't know that one. Is there a story to then?

Maxime Lamothe-Brassard 00:22:45

No, but it's a very loaded emotional song on the slow pace, so I don't know. There's a lot to it. There's a lot of sickness.

Andrew Monaghan 00:22:59

Yeah. You have that connection with it, which is the important thing. Right?

Maxime Lamothe-Brassard 00:23:02

Yeah.

Andrew Monaghan 00:23:03

Last number is he more than 35.

Maxime Lamothe-Brassard 00:23:05

34. 34.

Andrew Monaghan 00:23:07

Okay. Which cyber security startup do you really admire right now, except for LimaCharlie?

Maxime Lamothe-Brassard 00:23:14

That is a good question. There's a lot of people doing very cool stuff. I will say one of the ones I really like, and that corresponds it's not random to people that we work with, but Tynes is doing some really cool stuff and they're in cybersecurity, but kind of automation as well. And just the way that they've been operating and building the product and the quality of the product has been very impressive and times.

Andrew Monaghan 00:23:43

If I'm right, they're in the no code, low code, sore space. Right. Innovating a lot around that. Do I get that right?

Maxime Lamothe-Brassard 00:23:51

Exactly. Automating sort of the glue between various APIs to automate processes and things like that.

Andrew Monaghan 00:23:59

Yeah, there's a space that really needed that. Right. It seemed like it was pretty little bit too complicated. And I'm interested to know how LimaCharlie kind of fits into that world as well, because it seems like you're probably close to that world, but maybe a little bit different, sort of we're.

Maxime Lamothe-Brassard 00:24:13

Philosophically aligned, I will say it's kind of like that.

Andrew Monaghan 00:24:16

I love that. But let's talk about LimaCharlie. So, Maxime, if you were talking to me as a salesperson who's originally from Scotland, we're simple people. If I came up to you, let's say, RSA in a couple of months time and said, cool name, LimaCharlie, tell me, what does your company do? How would you answer that?

Maxime Lamothe-Brassard 00:24:38

Yes. So that is, for us, part of that challenge. Right? So the way we now refer to what we do is we talk about cybersecurity middleware, and what that means is that we are kind of like infrastructure. We look a lot like an AWS, but for cybersecurity products and capabilities, that means fundamentally two things. One is the way you interact with us is really like an AWS, right? Self serve, scale up, scale down, multi tenant, pay for what you use, all of these kind of characteristics. ATI first, if you work with an AWS, that's everything we do. And then the products that we have on top of that are designed as cybersecurity primitives. And what cybersecurity primitives means is that instead of selling you a black box, right, where we say, hey, this box is going to keep you safe. If you ask how, we just tell you, don't worry about it, it keeps you safe. We take the opposite approach. We take the perspective that cybersecurity is maturing. A ton of people are really great at doing things in cybersecurity and we want to give them the pro tools that allow them to scale in their environment to build the right security solution for what they need. It sounds a lot like AWS and it's really on purpose. Right. We used to have geocities and yeah, that was cool. We have squarespace and that's good, right. If you're a dentist's office, you can use squarespace. But if you're Unstoppable Dot Do and you are looking to do tech things across all kinds of different realms of what you do, you can't just use squarespace. You have to go and use something like AWS to get access to the low level pieces that you can assemble to give you the right solution that you need. So we take care for you of all of the scaling concerns, the maintenance concerns, all the low level capabilities, because we are in environment with many of those products designed to work together, it means that we can reduce the number of products that you use as well. Right. I think we were hearing 100 something different products in large enterprise, security products in large enterprise. So we are not a gigantic company that bought 500 companies, put them all under a portal and called it a day. We really started from the ground up with pieces that you can get to work together. So you can start with Edr, but we do a ton of different use cases in store. We do use cases in the SIM space. So there's just a lot that you can build and you can integrate. We give you the keys instead of just giving you a black box.

Andrew Monaghan 00:27:31

So if I play back what I was hearing you say there, we want to move away from the idea of black box product by black box product. And usually what happens at the hundred that you mentioned inside Enterprise is they're loosely integrated, maybe around a SIM or maybe a source like that, but a lot of the times they're not that well integrated. Right. And you can have to trust them to the job. But what you're doing is saying, well, let's take almost the right phrase microcomponents and you can build your own almost and put it together and get all the integrations and deploy wherever you want to do. And you're taking things that might not be all polished and shiny, but they're going to be malleable for you to then use wherever you want to use them. Am I kind of along the right lines there?

Maxime Lamothe-Brassard 00:28:17

That's exactly it. And we do that in a way where you don't have to go through big procurement over long periods. You can be truly flexible. Right, so that's exactly correct.

Andrew Monaghan 00:28:33

You're changing a way of buying, a way of working for many organizations over many years, which is not easy to do. So I can see why you need to find those people who are a early adopters, innovators and frustrated enough with the old way that they're like, yeah, this is worth giving a go in some shape or form, but for them, it must be a challenge to really rethink about how they're doing all this, right?

Maxime Lamothe-Brassard 00:29:00

Yes. I'll kind of reshape that question in a way in that that explains our approach to go to market, which is if you connect the dots together, there's kind of a PLG story being mentioned here, right? The one where anybody over a weekend can come into the platform with the free tier and start playing with the things. So the kind of life cycle that we see with people that come to us very commonly starts with a technical person, right? Somebody that worked at a company and they discovered about LimaCharlie. They started using it, deployed at home, they started looking at it, and they really enjoyed their experience because they're in control and they're able to do things that they never thought they could do themselves. They move to a different company, lots of movement, cybersecurity to that new one. They mention what's going on and then they do a POC without necessarily talking to us. And then a month later, we get an email from them saying, hey, this is really interesting. We'd like to start using this. And then that's where the sales process starts for us, right? And so that is where we engage with them. Not as like, hey, please buy our stuff, but rather, what are you trying to do? What are you building? Where are you in your cybersecurity solutions in the company? Because people are in very different places and that's where we're able to target not the full bore full picture from day zero, because, like you say, that's really overwhelming. But instead we can target a few of the things. For example, Edr is very often kind of the entry point for us, right, because it's a very high value. And so we can target and say, hey, you're coming to the end of a three year cycle renewal with Name, the Edr vendor you can switch over to Limit Charlie. Let's talk about a plan. And by doing that, here's the thing. You have like Windows event log forwarders, you have this, this and that product. Well, you can really kind of pair all of this down to what you get right of the box with LimaCharlie and that integration. And then we talk a little bit about the future, where we're going, right? What we want to do is we want to plant the seed in their head of this new way of doing things because they will be usually the ones discovering how they want to leverage Limit Charlie. Constantly we talk to people and they tell us, hey, yeah, we built this flow. When these things happen, here's how we do things. And it just blows our mind because we never. Even thought about it. So it's really kind of that coffee.

Andrew Monaghan 00:32:03

It must be interesting though, because they were having their AHA moment without you there, right? And I'm wondering if you'd be able to talk to them, say what was the moment, what did you see or do that said, oh, I get this and this could be cool.

Maxime Lamothe-Brassard 00:32:20

Yeah, it's usually a little bit above, to be honest, right. In the sense that we focus on here's a classic like the classic kind of interaction is hey, I'm trying to do X and I'm not really sure how to do it in Limitrial. And then we help them and kind of point them to hey, the automation rule has this capability, you can do this to trigger this thing in Limit Charlie. And those are generic concepts and so we help them with this first one with the generic concept so that they then make that connection later on, right, as they're looking at something. And I think it's not usually one day to the next kind of thing. It's like thinking about cloud deployments for the first time. If all you've ever had was on Prem Data Center to think about virtual Vpc and EC, two instances and virtual Firewalls, it takes a while to kind of get into that. But to go back to the very beginning, once you kind of get that, why would you ever rackenstein the end, right?

Andrew Monaghan 00:33:31

The only thing I'm thinking is that for your model to work in a classic plg, you need to have people coming to get your stuff, right? They have to kind of come to you. I'm wondering what you're doing right now that's working, that's drawing them into your world to try something, to do the download and get going.

Maxime Lamothe-Brassard 00:33:51

Yes, that's absolutely correct. And to be clear, TLG is sort of the long term part of that bet, right, where we get a lot of people that are aware. At the end of the day, I would be really shocked to see a very large company doing 100% self serve over a credit card, a huge purchase for something like Cyber Security secure. So it's not like at the end of that road, that's not the standard. That's where really the process goes. So what we do is we have Charlton, who's our demand gen guy, is doing amazing, doing a lot of things is really the answer. So we do a podcast now ourselves that we publish every two weeks. I want to say we have tried and we've done some some courses around LimaCharlie so that people can self serve a bit more. We do a lot of community engagement. So we go in and go to various conferences, talk to people. I don't want it to sound cynical, because it truly isn't, but we've really made a lot of friends in the technical Doer community, right? And that's not because we tried to do that, but just because there's a philosophical fit with what we're doing. Right?

Andrew Monaghan 00:35:23

Yeah. Makes perfect sense.

Maxime Lamothe-Brassard 00:35:24

Yeah. That's helped spread the word a ton as well. Probably equally between word of mouth to kind of outbound.

Andrew Monaghan 00:35:35

And what you did recently, though, is you hired your CRO, your head of sales. How did you know it was the right time to hire Jessica into that role?

Maxime Lamothe-Brassard 00:35:47

Yes. It's a good question, especially because none of us were salespeople. Right. Or like sales background. We're engineers. I think for us, it became clear as we were talking to a lot of people, a lot of people really interested. But we saw a trend, and that trend was that a lot of people were inbound, but there was a very steep drop off. And we attributed that to the lack of structure. Right. We did not have a structured sales process, tracking everybody coming in, understanding where people were coming from, really being very present with those people, with early customers. So all of this meant that we kind of realized that we need somebody that knows what they're doing, is really the answer. We discovered that there's so much technical space in sales nowadays around technical sales tools to go and achieve these things. And so we didn't know about any of that stuff. So for us, it really became clear, like, hey, we know there's a lot of buzz around what we're doing. We talked to a lot of people, but we can never seem to really align these large contracts and negotiations all the way to the finish line. So we need somebody to help with that and then somebody that can help to start to think about how can we do things a bit more outbound as well. So not on the demand gen side of things, but we kind of figured what we're doing is very new and there's a lot of people that we need to be able to go and reach. So Jessica was able to kind of do all these things. She had this really the criteria for us when we were sort of looking at all this was somebody who's done the ground work of being in sales teams, but who's at the point where kind of like I would describe. I was right before starting the company of. The next logical step is for somebody to come in and really organize a whole company's sales and somebody who's not afraid to not be cookie cutter. Right. So much of what we do, especially in cybersecurity, is so different. We couldn't get somebody that would come in and say, no, everything we do is complex bundles and sales over three years, and that just didn't fit in.

Andrew Monaghan 00:38:22

No, I get it. Completely interesting challenge for someone coming in is that there isn't, I don't know, the crutches of well, it's like edr but different. Right? That's usually what people do. It's almost like this, but we do it better. Right. What you have to have is someone who can truly evangelize and educate. And it's a very different mentality, I think, coming into sales cycles when you just have to accept that people are not going to understand at the gate exactly what you mean. And you have to figure out how do you capture that? How do you capture their attention, how do you capture their emotional residents? To say, this is something worth me actually working on. And I wonder how you think about when you're expanding the team, getting the right sort of people in who could do that.

Maxime Lamothe-Brassard 00:39:08

Yes, absolutely. That requirement is across the board for us. We just can't get somebody that brings somebody in who's very hard set in a very specific way, specifically in cybersecurity, where things have been a specific way for a very long time in my mental scale. So, yes, I would add to that that it's been really critical as well to have somebody to have Jessica come in and at a strategic level, see the pieces that needed to be put in place towards the future. Right. We wanted to be sure that it wasn't somebody that can do the ground thing right now and hit the ground and talk to a lot of people without also we're talking plg. For us in our space, it's kind of a bit of a longer time scale. So we wanted to make sure it was somebody that was able to kind of connect those dots through time and say, okay, we need to bring in somebody that does, for example, like, demand jun or outbound or this and that so that it starts paying off over the long term.

Andrew Monaghan 00:40:27

Maxime, if you could wave a magic wand and fix one thing for your sales progestica and all the things you on the sales side that's really causing you a bit of heartburn right now, what's that one thing that you would fix?

Maxime Lamothe-Brassard 00:40:43

If it's a really big magic wand, I would say for the mental model of what we do to be known everywhere. Right. We talk to even banks and people like that, and what we're proposing is novel. It won't be like that forever. I think if we were able to kind of wish away the education piece of that, I mean, it's very hypothetical, right? But for us, that would be amazing because that is still the part that takes a lot of time in the sales process of really accompanying people through that mental shift.

Andrew Monaghan 00:41:23

Got it. Let's flip things around. Is there a question for me that I could try and answer for you that would be useful for you?

Maxime Lamothe-Brassard 00:41:31

Yeah, for sure. So you've seen a lot of different organizations do a lot of different things. I'm kind of curious to hear what are the most interesting sales or go to market motions that you've seen people do, hopefully successfully, but things that are different in that space.

Andrew Monaghan 00:41:54

Yeah. Having listened to how you're doing things, I think these are probably aligned to the things you're thinking about already as opposed to completely different. But I'll give you three examples or kind of intertwined, but there's a company called Run Zero. They're in the Asset identification. Asset management, I think. Space. They would basically go the tool goes and finds things and catalogs it and allows you to manage and secure what you then know about. So it's kind of an older space, but it's been played over the years with inaccuracies and things like that. It's really hard to do at scale. Right. One of the founders of Run Zero is HD Moore, well known in the kind of hacker community. He spent a lot of time breaking into Apple things back in the day, and he's known, right. And when they were coming to market, they went plg. And a lot of it was fueled through people knowing, oh, HT. Moore, if Htmur is doing this or behind it or whatever, let's listen to him about what it's all about. And it worked for them. And in fact, the reason that they hired a sales team was that the inbound into the CEO who was not HD, it was someone else, was too much for him to handle. And he said, I need someone just to take this off my plate. It's getting a bit ridiculous. And I actually interviewed Jay Wallace, who's the head of sales there, about probably six or nine months ago. And Jay, he was still scaling the sales team based on the inbound that they were getting. Right. It was a classic plg. They would download something and as he said at the time, they'd even put it in their home network and they'd find things attached to their home network they didn't realize and go, I wonder if I just did that, this subnet of work or whatever, what I find. And then they'd realize, oh my goodness, there's all this world that we need to be thinking about. And then they would be in touch saying, okay, I reached my limit off whether it was scans or IPS or it might be, how do we do a much bigger deal here or a much bigger way to use this? And I haven't talked to Jay for a few months, but last I heard, they're scaling. They just hired some more people and other enterprise sales leader or things like that. So that whole motion for them was working. And it might be worth seeing if there's anything to learn from them behind the scenes about how they went about doing that. So that's one thing that springs to mind. The other thing is, I just talked to Eric Olden. He is the CEO at Strata Identity. I talked to Eric last week. I would imagine that his episode of this podcast will come out round about the same time as yours. So if someone wants to listen to it, it's either like a deficit or two back or it'll be coming out at any moment now. And Eric's kind of interesting. He's actually founded and sold two companies to RSA already in the identity space, and he's now on the third one. And Eric, he went up to Series B Na, but he said at Seed and arranged his rule for his people was we don't make Cold calls and we don't send Cold emails. And in lieu of that, what they did was go all in on the idea of the content strategy that you were kind of alluding to. Everything they produced was all about differentiation. Identities are definitely more competitors in identity than perhaps what you're seeing true competitors for what you're doing right now. Right? So he had to do differentiation. He had to reach the market and talk and things in a way that actually would resonate with people. And usually, therefore, it's probably lower down and not above the line. It's not Ciscos that are consuming the content. It's kind of middle and below and it worked for them, right. I mean, they're scaling rapidly now, and I think they hired their sales team from there. And I think now they're allowed to make Cold calls and do emails. But that whole focus on let's make sure we nail our messaging, our point of view, how we talk to people just by doing it like that worked for them. And there is you probably know this, right? There's definitely a movement right now around doing demand gen or demand creation that way, where you do all the podcasts and the content stuff that says the people that like what we do will come to us because it resonates with them and we have to be comfortable. There's going to be people that will never come to us because we're just talking Japanese them when we're trying to talk English, right? But those are talking English. You go, yes, that sounds interesting. I want to come and do that. And I thought what Eric was doing was kind of interesting. And the one thing I'd add to that is that I talked to Snehal Antennae. He's the CEO at Horizon Three. This was the RSA last year, actually. I interviewed him in the lobby of the mezzanine floor of the Marriott. There. I just have it my brain. What I love about what Snowal did is he was not afraid to be controversial. He even said, when I was a CISO, I would use these, I think it was the automated attack tools, right? I would use them and I came to realize they were all snake oil. Now, that's quite a strong statement to use. Right. I noticed to use the word scam, thinking about these big established cybersecurity players in their suites and their ela, things like that. And I think there's something to be learned from Snow where he's not afraid to cause a little bit of controversy by using kind of strong words like that. And again, those that kind of go, I was kind of thinking that myself will lean towards him. And those that are on the advisory board of these automated attack tool vendors are never going to buy from him because they just don't know. This is the most amazing thing in the world, right? I think there's something you learned from having that and maybe injecting that and your outreach and your content and podcasts, things like that, maybe you're doing some of this already. So that's why it kind of brings to my mind when you say companies that are doing things a little bit differently than the usual, let's hire a sales team and do a whole bunch of that bond and bombard them with emails and phone calls and hope that things stick.

Maxime Lamothe-Brassard 00:48:08

Very cool. Thank you.

Andrew Monaghan 00:48:10

Well, Maxime, listen, I really enjoyed this conversation. I love the unique area that you're in. This is so different to how most people are thinking about solving some of the big challenges in cyber security. If someone wants to continue the conversation or get in touch, what's the best way for them to do that?

Maxime Lamothe-Brassard 00:48:27

So our website limacharlie.io or Twitter at LimaCharlieIO.

Andrew Monaghan 00:48:33

And you're going to be at RSA, correct?

Maxime Lamothe-Brassard 00:48:35

That's correct. We will be at RSA.

Andrew Monaghan 00:48:37

Doing anything special there or attending?

Maxime Lamothe-Brassard 00:48:40

And Evangelizing, we will have a booth on the startup side. I forget the exact name for that section, so we'll have a small presence there. But yeah, it will be a lot about just going and talking to people. So if anybody's going to be there and wants to have a chat, please get in touch. Always really enjoy chatting with people and seeing where they are and what they're doing and all that good stuff.

Andrew Monaghan 00:49:09

Yeah, very good. Yeah, it's the Early Stage Expo, I think they call it. It's a great little group of like 50 or 60 earlier stage companies and everyone's trying to find their way and get going. It's a really cool space to be in. So, listen, I wish you all the best for RSA for 2023 and beyond and rooting for you for all your success.

Maxime Lamothe-Brassard 00:49:30

Thank you very much.

Andrew Monaghan 00:49:31

Well, I got a lot from that episode learning how LimaCharlie and Maxime and the team are thinking about the market, thinking about the product, thinking about the gotomarket a lot in there to digest. That isn't exactly how many others are doing it. If I was to pick three things that really do that for me, first one is it truly is to me, it seems, and you guys can trick me if I missed something. But that truly seems like a very different approach to doing cybersecurity at scale for larger companies. And that's the market that they're going after. Right. He said the ones the more sophisticated, the ones that have all engineers to make this work, that's probably not a mid market approach. It's going to be organizations which have the investments in people, experienced people, to really kind of get it and know what they can do with it. So to me, it was a very different approach in all sorts of different ways. The second thing is the business model, right? And they're going to I don't know if it's exactly a consumption model like AWS, but certainly in that same sort of idea, again, that's a little bit different to most organizations and how they're going to market with their products. They're looking for small amounts of revenue based on what you need right now and then grow with them versus the traditional, let's do a one or three year deal, let's do an Ela, let's tie it in other products. There's certainly bigger companies do, and I think some smaller companies are trying to emulate as well. So their model is very different. The third takeaway I had was when I asked them about what the driver was for hiring the CRO, they found that they had a drop off in the funnel after initial interest, and it was because they couldn't handle it. It couldn't effectively process all the inbound in a way that was going to be effective for LimaCharlie, but also for the prospects. So they hired someone who came in who could put the process in place and the structure in place and probably the tools in place as well so that they could get a motion, a sales motion that was much more orchestrated and solid compared to what they had before, which seemed a little bit maybe haphazardly is best effort. So it was nice to see the CRO come in and make that change and make that difference for them. So, as I said, I love the conversation. I wish the whole team every success, Maxime, Chris and Joe success for the rest of the year.